To make your Java runtime environment trust the certificate, you need to import it into the JRE certificate store.

Step 1 - Get the certificate into your browser store

Browse to your application server using SSL. Your browser will tell you that the certificate isn't trusted and allow you to trust it, thereby placing it in the browser certificate store.

Step 2 - Export the certificate to a binary file

Your browser will have some kind of certificate manager that allows you to export or back up specific certificates to binary files. In Firefox that would be under Preferences / Advanced / Encryption / Servers. Find the certificate presented by the server and export it as a binary DER file.

Step 3 - Import the certificate into the Java Store

Make sure you have write access to your JRE and use the keytool utility to import it:

You will be prompted for the keystore password, which is by default changeit.

Also, when you connect to the server make sure you use the same name as the one set as the Subject in the certificate. You may need to add it to your host file if the server isn't reachable using this name, which may be the case for a developer server.

Thanks for the useful information.
I got similar problem and thus came into this page.
I had a self signed certificate on mail server and the client gave similar exception.... SunCertPathBuilderException: unable to find valid certification path to requested target

I struggled many ways... like import the certificate to the keystore ..still it did not worked.
At last used the below single line of code, and it solved the problem.

Very useful. I am using my java client to connect to my Web service with custom SSL certificate. This is perfect to add a client certificate on my JVM.
Another way which I was using since I have the jks with me to pass on the jvm parameters-
-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/path/ks-name
-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/path/ts-name

Sorry it might be very basic question but I am new to this. But I have performed all steps as mentioned in the post but still getting SSLHandshake error. Can anyone please help me on statement? I am calling an API using httpClient, how to mention subject name in my request. Any sample code would be helpful.

"when you connect to the server make sure you use the same name as the one set as the Subject in the certificate. You may need to add it to your host file if the server isn't reachable using this name, which may be the case for a developer server"

when you connect to the server make sure you use the same name as the one set as the Subject in the certificate. You may need to add it to your host file if the server isn't reachable using this name, which may be the case for a developer server.

The subject in the certificate is the name of the server. The server must be accessed using this name for the certificate check to pass. If the subject is e g "mypc" your code should connect to the server using this name. If it were to use e g "localhost", the certificate would be denied. The hosts file could contain a line like